package com.rupeng.web.interceptor;

import java.lang.annotation.Annotation;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.Mapping;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import com.rupeng.pojo.AdminUser;
import com.rupeng.service.AdminUserRoleService;
import com.rupeng.util.AjaxResult;
import com.rupeng.util.JsonUtils;

public class PermissionInterceptor extends HandlerInterceptorAdapter {
	@Autowired
	private AdminUserRoleService adminUserRoleService;
	
	@Override
	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
			throws Exception {
		AdminUser adminUser = (AdminUser)request.getSession().getAttribute("adminUser");
		if (adminUser==null) {
			if (request.getHeader("X-Requested-With")!=null) {
				response.getWriter().print(JsonUtils.toJson(AjaxResult.errorInstance("未登录，请登录后操作")));
			} else {
				response.setHeader("Content-Type","text/html;charset=UTF-8");
				response.getWriter().print("未登录，请登录后操作");
			}
			return false;
		}
		/* 数据库待填充权限列表
		Long adminUserId =adminUser.getId();
		String path = request.getServletPath();
		Map<String, Object> params = new HashMap<String, Object>();
		params.put("adminUserId", adminUserId);
		params.put("path", path);
		boolean result = adminUserRoleService.checkPermission(params);
		if (result) {
			return true;
		} else {
			if (request.getHeader("X-Requested-With")!=null) {
				response.getWriter().print(JsonUtils.toJson(AjaxResult.errorInstance("权限不足")));
			} else {
				response.setHeader("Content-Type","text/html;charset=UTF-8");
				response.getWriter().println("权限不足");
			}
			return false;
		}
		*/
		return true;
	}
}
